{ "id": "CVE-2024-37286", "sourceIdentifier": "bressers@elastic.co", "published": "2024-08-03T16:15:49.060", "lastModified": "2024-08-05T12:41:45.957", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively logged." }, { "lang": "es", "value": "Los registros del servidor APM contienen el cuerpo del documento de una solicitud de \u00edndice masivo parcialmente fallida. Por ejemplo, en caso de unavailable_shards_exception para un documento espec\u00edfico, dado que la l\u00ednea de respuesta de ES contiene el cuerpo del documento y el servidor APM registra la l\u00ednea de respuesta de ES en caso de error, el documento se registra efectivamente." } ], "metrics": { "cvssMetricV31": [ { "source": "bressers@elastic.co", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.1, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "bressers@elastic.co", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-532" } ] } ], "references": [ { "url": "https://discuss.elastic.co/t/apm-server-8-14-0-security-update-esa-2024-19/364289", "source": "bressers@elastic.co" } ] }